Amazon has stated a plan to not unsell books in such situations in future – although they will apparently reserve the right to do so if they wish.

It seems to me that Amazon management are amazingly stupid. One thing we need to consider is that Amazon employs a large number of people, some of whom will be criminals and some of whom will act in irrational ways for various reasons. Of the Amazon employees who won’t consistently act in an honest and reliable way on behalf of their employer, some will have access to the database which controls the content that is permitted on Kindles. The Journalspace fiasco should be sufficient proof of this problem [3].

If a rogue employee wiped the database of sales in progress, it would really hurt the Amazon business model, but if a rogue employee also unsold the existing works (stole property from customers), then it would be much worse.

The “features” of the Kindle would be useful to anyone who wants to make some money shorting Amazon stock. This should be of concern to the directors of Amazon.

6 comments to DRM and Rogue Employees

It would take pretty lax security and backup procedures for a single user to be able to wipe out all sales records and their backups. The one case you mention of a rogue employee wiping out a business was due more to lax backup procedures than to an errant employee.

If all it takes to wipe out all of your data is a simple “DROP DATABASE FOO;” query, I’d say chances are better hardware failure or a simple programming error is 100x more likely to take you down than an angry employee.

Michael: In the past I’ve worked with companies of equivalent size to Amazon who had no good backups. However I believe that Amazon is better than them.

A smart attacker wouldn’t merely wipe out data. Options include corrupting the data slowly over the course of months (which wouldn’t work if database changes caused an immediate change to Kindle state). If the same person had access to the backup system and the database they could corrupt backups until the tapes had been cycled and then wipe the database.

Even if the Amazon server unsold all books and a couple of days later they appeared on the Kindles again the damage would be significant. It’s not just an inconvenience of being unable to read the book for a couple of days, it’s an invasion of the sovereignty of the user’s computer. In Internet terms it’s an act of war!

One further point to consider is censorship. The control that Amazon has over products the person has paid for is amazing. I can’t understand why anyone would want this or why any government or society would allow this.

Again, with DRM you’re not buying anything, you’re simply renting, and anything else is completely out of your control.

etbe: True, but that’s a lot of ifs. Seems a more likely attack vector would be a disgruntled Debian developer slipping a backdoor into a package. Think about how long the huge OpenSSL flaw went unnoticed and that wasn’t even intentionally malicious. Hell, Chinese open source contributors may be covertly working for their government waiting for the right time to inject a vulnerability.

I don’t think it’s likely, but I do think it’s at least as likely as a malicious Amazon employee erasing all e-books on all Kindles. Yet you won’t see me discouraging Chinese involvement in open source because of paranoia. I think we need to be level-headed about such things. DRM is bad, but it doesn’t warrant us becoming needlessly paranoid.

Here’s an article about Amazon canceling someone’s Kindle account which made all their previously purchased books unreadable. Apparently they returned three books to Amazon which made them a bad customer…

Eventually Amazon uncanceled the account, but it’s a nasty thing to do.